Skip to content

Instantly share code, notes, and snippets.

@VityaSchel

VityaSchel/macos-widget-to-ring-samsung-phones.md

Last active September 29, 2023 17:46
Show Gist options
  • Save VityaSchel/fe8945c0189bbaabed420003bdf3216d to your computer and use it in GitHub Desktop.
Save VityaSchel/fe8945c0189bbaabed420003bdf3216d to your computer and use it in GitHub Desktop.
Download ZIP
MacOS widget to ring samsung phones, reverse engineering samsung's smartthings find
Raw
macos-widget-to-ring-samsung-phones.md

hello gays

today we have a list of things to do to develop a widget for macos to ring samsung phones like on smartthings find

since no one developed it yet and I don't want to do that I'm just gonna leave it there for anyone and wait for anyone to develop it or tell me it exists

UPDATE: I actually was so bored I developed and published it: https://github.com/VityaSchel/samsung-pinger

number 1

get token for samsung

I found that csrf can be found in response to basically any *.do request to samsung in header "_csrf"

so it can be GET https://smartthingsfind.samsung.com/chkLogin.do or GET https://smartthingsfind.samsung.com/init.do

btw this number is persistant through session afaics it does not change on page refresh or requests, so u can reuse it if u manually grabbed it from browser page i just idk how long it will last and what happens if you relogin in browser, so it's better to go through all that login stuff on server or ask user to login and then grab their tokens

number 2

POST https://smartthingsfind.samsung.com/dm/addOperation.do?_csrf=[numbers]

payload:

{"dvceId":"[numbers]","operation":"RING","usrId":"[lettersnumbers]","lockMessage":"SmartThings Find is trying to find this phone.","status":"start"}

lmao can I actually set any lock message? that woud be fun and probably security vuln

btw you can also set CHECK_CONNECTION, LOCATION instead of RING to get other operations working

I suppose usrId and dvceId are not changing so u can reuse them and only reissue WMONID and JSESSIONID cookies. I have not a single fucking clue how to do that so this project is abandoned now goodbye

Also you don't need usrId, BUT BE CAREFUL TO INCLUDE _csrf OTHERWISE IT WILL LOGOUT YOU AND DELETE SESSION

Content-Type: application/json

Cookie: [cookies]

some of cookies that were passed to server when I rang my phone:

Name, (value), domain, (age) WMONID smartthingsfind.samsung.com isClickLogout true .samsung.com sa_did .samsung.com / Session datadome .samsung.com sa_id .samsung.com sa_state .samsung.com JSESSIONID smartthingsfind / Session

http only are WMONID, isClickLogout, sa_id, JSESSIONID

not needed to make request to chkLogin.do: isClickLogout, sa_did, sa_id, sa_state needed: WMONID, JSESSIONID

number 3

develop a widget so it appears here

image

and wen I click omn this widget it rings my phone

honorable mention

thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment